fbpx

The very fine line

https://www.techdirt.com/articles/20150420/05585630727/fbi-united-airlines-shoot-messenger-after-security-researcher-discovers-vulnerabilities-airplane-computer-system.shtml

The above caught my attention the other day, in part because I have an ongoing fascination with transitional spaces.  Those grey areas which aren’t quite “good guy” and not quite “bad guy”.  Most of the ones I encounter are legal grey spaces (rather than moral ones).  A law or a rule has been placed in place that is ignored if the rulebreaker is working for the greater good, and enforced when the rulebreaker is operating with malicious intent.  Needless to say, this kind of inconsistent enforcement can become a problem, especially if clear secondary boundaries are not set.

Take (as a similar example) the bounties that companies like MSFT and Facebook place on finding security holes in their software.  There are potential criminal penalties for finding and exploiting these holes, but if you find one and are the first one to report it (I’m over simplifying here, I’m aware) there is often a bounty awarded.  In both cases, the act of hacking the software is technically illegal (again, oversimplifying), but the company chooses to reward one instance and persecute another (which makes sense, right?  One hack is by a good-guy, helping to make the software more secure, the other is the bad guy, exploiting the hack for personal gain).

But because of these inconsistencies, the laws get hard to enforce.  Law enforcement and the corporate interests may not align.  Hackers and crackers may switch hats with regularity, working on “white hat” projects and “black hat” projects simultaneously or in turn, depending where their interests lie and because of this, law enforcement tends to regard most (if not all) of them with equal suspicion, leading to incidents like the one above.

 

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive

Comments are closed.